HCIP-Security-CISN V3.0 H12-721_V3.0-ENU Dumps Questions [Released 2022] To Help You Achieve Success

1. Users cannot access intranet resources when using the network extension function. Which of the following is not the possible cause of the failure?

2. In a dual-system hot-standby network, when configuring an HRP heartbeat interface, if the address of the peer heartbeat interface is specified, which of the following types of VGMP Hello packets are sent between firewalls?

3. The dual-system hot backup networking diagram is shown below. The gateway address of PC1 in the figure should be the interface IP address of the active device, that is, 10.100.10.2/24.

4. The bandwidth management function only supports limiting the number of connections initiated by a specified IP.

5. When using the Radius server to authenticate users, it is necessary to configure the corresponding user name and password on both the Radius server and the firewall.

6. As shown in the figure, the firewall dual-system hot-standby networking environment. In this networking environment, which of the following commands can ensure that the device can automatically adjust the priority of the VGMP management group and automatically perform the active-standby switchover?

7. Which of the following description of the working process of network expansion is wrong?

8. In the IDC room, a Huawei USG6000 series firewall can be used to divide into several virtual systems, and then the root firewall administrator can generate virtual system administrators to manage each virtual system.

9. The two FWs are interconnected through IPSec. Execute display ike sa on FW_A. The result is as follows. Which of the following statements is correct? (Multiple choice)

10. In dual-system hot backup, how many cycles does the Slave consider that the peer is faulty when it does not receive the HRP HELLO message sent by the peer?

11. Which of the following resource allocation methods does Huawei USG6000 product resource allocation support? (Multiple choice)

12. The networking of an enterprise is shown in the figure. Dual-system hot backup is configured on USG_A and USG_B, and USG_A is the master device. The administrator wants to configure SSL VPN on the firewall so that branch office employees can access the headquarters through SSL VPN. What should be the virtual gateway address of the SSL VPN?

13. GRE Over IPSec tunnel can realize the transmission of IPX packets.

14. Huawei UMA products can be deployed in a logical series connection. Which of the following statements regarding the logical mode of this deployment method is correct?

15. Global route selection means that when there are multiple equal-cost routes to the destination network, the Huawei USG6000 firewall can dynamically select the outgoing interface according to the link bandwidth, weight, priority set by the administrator or the automatically detected link quality to realize the reasonable utilization of link resources and improvement of user experience.

16. When the traffic is finally sent from the outgoing interface, it is limited by the bandwidth of the outgoing interface. If the traffic is greater than the bandwidth of the outgoing interface, which of the following will the traffic be queued to ensure that high-priority packets are sent first?

17. Regarding server load balancing, which of the following technologies can be used to sense changes in server status and ensure that user requests will not be sent to faulty servers?

18. As shown in the figure, BFD is bound to a static route, and the administrator has made the following configuration on firewall A:

[USG6000_A] bfd

[USG6000_A-bfd] quit

[USG6000_A] bfd as bind peer-ip 1.1.1.2

[USG6000_A-bfd-session-aa] discriminator local 10

[USG6000_A-bfd-session-aa] discriminator remote 20

[USG6000_A-bfd-session-aa] commit

[USG6000_A-bfd-session-aa] quit

Which of the following statements about this configuration is true? (Multiple Choice)

19. Use the web page to log in to the SSL VPN gateway, and it will automatically log out after a period of time. The possible reason is that the session of the VPN gateway has timed out.

20. Which of the following scenarios can achieve bandwidth multiplexing? (Multiple choice)

21. Which statements about virtual interfaces are correct? (Multiple choice)

22. To ensure that traffic transmission is not affected by server or link failures, the administrator has configured the health check of the link, but after the configuration is completed, it is found that the status of the health check is still Down. What are the possible reasons? (Multiple choice)

23. Regarding the configuration commands in the intelligent routing below, which of the following are correct? (Multiple choice)

#

multi-interface

mode priority-of-link-quality

priority-of-link-quality parameter delay jitter loss

priority-of-link-quality protocol tcp-simple

add interface GigabitEthernet1/0/1

add interface GigabitEthernet1/0/2

24. The following figure shows the application scenario of L2TP over IPSec. The client uses the pre-shared-key method for IPSec authentication. How should the IPSec security policy be configured on the LNS side? (Multiple choice)

25. What algorithm can session persistence be based on?

26. In order to prevent applications such as Email and ERP from being affected during normal working hours, an enterprise hopes that the minimum bandwidth available for such traffic is not less than 60Mbps. Which of the following configuration meets the requirements?

27. Which of the following information is included in the main mode negotiation process in the first phase of IKE v1 negotiation? (Multiple choice)

28. Which of the following log categories does the firewall log, content log, policy hit log, mail filtering log, URL filtering log and audit log all belong to?

29. As shown in the figure below, the firewall GE0/0/0 interface is directly connected to the PC host through a network cable.

Which of the following commands can work together to complete the backup operation of the system configuration file vrpcfg.cfg? (Multiple choice)

30. Which of the following statements about IPsec is false?

31. If using SSL VPN to provide file sharing function, all files under the shared directory are visible to end users.

Which of the following statements regarding the configuration of file share paths is correct?

32. Which of the descriptions of the virtual system is incorrect?

33. Which of the following devices can detect unknown malicious files transmitted in the network in a virtual environment?

34. Regarding the server load balancing technology, the commands executed on the firewall and the output obtained are as follows:

Which of the following statement is correct?

35. After completing the configuration of intelligent routing, it is found that the traffic is not forwarded according to the configuration. What measures can the administrator take? (Multiple choices)

36. When configuring the IPSec VPN certificate authentication method, if you choose the "RSA signature" authentication method, which of the following steps need to be configured? (Multiple choice)

37. When the BFD session state is "Init", which of the following statements is true?

38. Which of the following is the possible cause of the failure?

39. IP-Link will send a detection packet to the specified IP address. By default, when the detection fails for 3 times, the link to this IP address is considered to be faulty.

40. Which of the following is not the purpose of bandwidth management?